
Directory Password Reset Policy 9.1.13

Policy Title: Directory Password Reset Policy

Policy Number: 9.1.13

Category: Information Technology

Effective Date: 01/04/2008

Prior Effective Date: N/A

Policy Owner: VP and Chief Information Officer

Policy applicable for: Faculty/Staff/Student

Enabling Acts: ISO 27001/17799, COBIT 4.0, GLB, UC Policy, HIPAA, FERPA, PCI

Responsible Office(s): UC Information Security





Background



Policy

Automated password recovery/reset:

• UCit shall provide an automated password recovery/reset solution for any Central Directory system provided (i.e. Active Directory, Central Login Service).

• This system will operate in a manner and by processes approved by the Director of Information Security.

• The system should allow the user to select from a number of standard questions or to provide their own questions and to provide unique answers to those questions. These question/answer sets will be used for the purpose of verification of identity for both automated and manually assisted password resets.

• The password recovery solution should not rely on Social Security Number (SSN) or any portion thereof (Last 4).

• The password recovery solution should not rely on the M# or any portion thereof.

• UC organizations that provide systems for which a password is required, but is not kept in synch with a central UCit directory system should also consider providing an automated password recovery/reset solution for their application.



Assisted password recovery/reset:

• If the automated password recovery/reset solution provided by UCit is unavailable or fails, the user may then call the UC helpdesk to reset their password. The UC helpdesk may be reached at 513-556-HELP.

• Any user requesting a password reset must verify their identity prior to having the reset completed.

• The user must confirm their identity by providing the answer to 3-4 confidential questions set up in the password recovery system.

• Verification is to be conducted by full time UCit help desk staff personnel only.



Audience:

This policy applies to all organizations and individuals associated with the University of Cincinnati.



Definitions:



Directory: A database of user information that allows for the central administration of account information. Directories allow a user to maintain their information or to change their password in one location and have the change be immediately available to every application that uses the directory.









University of Cincinnati

Policy - Password Resets - 9.1.13.doc, page 1 of 3

Procedure:



ISO 27001/17799: International Standards Organization for Information Security

COBIT 4.0: ISACA Audit Controls Objective for IT

GLB: Gramm-Leach-Bliley Act

UC Policy: General Policy on the Use of Information Technology

UC Policy: Information Technology Management Policy

UC Policy: Information Security Policies

HIPAA: Health Insurance Portability and Accountability Act

FERPA: Family Educational Rights and Privacy Act

PCI: Payment Card Industry







Related links:

• International Standards Organization 17799:2005

• Control Objectives for IT

• Gramm-Leach-Bliley Act

• UC Policy - General Policy on the Use of Information Technology

• UC Policy - Information Technology Management Policy

• UC Policy - Information Security Policies

• Health Insurance Portability and Accountability Act

• The Family Educational Rights and Privacy Act

• Payment Card Industry



Phone Contacts:



UC Information Security 8-ISEC

Director, Information Security 6-9177

UC Office of the CIO 6-2228










Disciplinary Actions:



Violation of this policy may result in revocation of network access for the affected system(s).

Violation of this policy may result in disciplinary action, which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; and dismissal for interns and volunteers. Additionally, individuals are subject to loss of University of Cincinnati Information Resources access privileges and to civil, and in some cases criminal, prosecution.








